• Steve Hoevenaar, Director

Meltdown and Spectre Vulnerabilities, and How You Can Spot Them


Two processor vulnerabilities are currently in the news, and here’s a summary on the vulnerabilities and how customers may be affected, in addition to how Pinnacle’s threat hunting services detect and mitigate risks in these exploits.

In a nutshell:

Meltdown allows a program to access the memory of other programs as well as the OS.

Spectre allows an attacker to trick error-free programs into leaking privileged data.

Spectre affects all of the processors, whereas Meltdown hits Intel and ARM processors.

Although these are new threats, current endpoint protections that perform memory anomaly scanning, like Cybereason or Cylance, may detect/prevent these memory exploits and feed our PeakPlus SECURE Platform with specifics.

The method of launching these attacks is similar to, if not exactly the same as, landing page exploits used for ransomware or exploit kits. We would expect to see Spectre and Meltdown use the same common attack vectors. Examples would be alerts similar to landing page or phishing attacks.

Spectre Official CVE: CVE-2017-5753 and CVE-2017-5715

Meltdown Official CVE: CVE-2017-5754

This can be mitigated by existing deployments of web proxies, firewalls, and IPs. Then, once patches for operating systems, web browsers, proprietary systems, security platforms, etc., are available, ensuring that the most up-to-date patches are deployed will be key to limiting access to the privileged memory.

Additional information on these vulnerabilities can be found at the following links:

http://www.crn.com/slide-shows/security/300097486/heres-how-17-security-vendors-are-handling-the-meltdown-and-spectre-vulnerabilities.htm?cid=nl_alert#li=MA1-0b37723574c44315&cs=MA1-86eebb05e7c8093bff3a649b47e64678

https://meltdownattack.com/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

If you have concerns about Meltdown and Spectre in your organization, and need assistance to ensure that you are protected, please contact us.

#Spectre #Meltdown

CONNECT

 Blog
Events
Press Releases

  • PTP You Tube
  • white LinkedIn icon
  • white Twitter icon
  • PTP Facebook Page

CONTACT

Sales and General Inquiries

 617.297.9670

Customer Contact Center

Reach us 24x7x365

844.297.7290

info@ptp.cloud

 

Corporate Headquarters
83 Morse Street, Unit 6B

Norwood, MA 02062

© 2020, Pinnacle Technology Partners. All rights reserved. All trademarks referenced herein are the properties of their respective owners. Privacy Policy